Privacy: Can Businesses Build Trust And Exploit Opportunity?

As the opportunities to use personal data for marketing grow, companies search for how to strike the right balance between delivering the service customers want and the privacy they expect

Fidelity Investments wanted to tell people about its privacy policy, reasoning that its strategy of keeping customer information to itself could win loyalty. But it decided not to send out an E-mail explaining the policy because it didn't want to bug its customers. Says chief privacy officer Leigh Williams, "We don't want to intrude with a message that we're not intrusive."

The United States' largest mutual-fund company is walking the same fine line every business is these days--a tightrope between knowing and serving customers well and violating their privacy. Only a fraction of consumers are so concerned about privacy that they refuse to share information with companies and expect none to be collected about them. Most consumers want the convenience of having a company recognize them, and they expect businesses to know exactly how much familiarity is too much. "Privacy means striking the right balance, which means sharing information with the companies they trust and not sharing it with ones they don't trust," Williams says. "They just want to deal with an institution they can trust without having to actively manage the privacy."

The balance is the tricky part. Swiss bankers may know that their clients expect absolute secrecy, but short of that, the world gets complicated in a hurry. For most businesses, good privacy practice doesn't mean never gathering information, using it, or sharing it. The companies that succeed will be those that figure out just how much privacy--and personalized attention--their customers really want.

There's no single path to earning customer trust. Harrah's Entertainment Inc.'s casinos track the detailed gambling habits of 8 million members of its loyalty program but won't augment that with external data. American Express Co. combines customers' purchasing data with outside information sources and uses it for direct marketing but refuses to sell it to third parties. And Fidelity won't even share information across business lines--only the customer can link multiple accounts such as a 401(k) account and a money-market fund.

Customers "want to deal with an institution they can trust without having to actively manage the privacy," says Williams, Fidelity's chief privacy officer.

Companies have reason to take this privacy balancing act seriously. A recent Gartner survey of 7,000 consumers showed more than 80% are concerned about the privacy of their Social Security and credit-card numbers, and 60% say security and privacy worries keep them from doing business online. But there's a potential upside: A Jupiter Media Metrix report released last week suggests companies can win the trust of Web users over time. The survey found more than 30% of long-time Web users trusted merchants and banks enough to give them personal information, while only 13% of people who've been online less than a year had that same level of trust. "It's a competitive advantage to become leaders in the privacy space," Fidelity's Williams says.

Fidelity's policy of not linking separate accounts makes it harder to cross-sell services, but the company worries that sharing information across lines of business would be considered too invasive. At the same time, investors demand a complete view of their finances. So a Web tool called My Fidelity lets them pull all their accounts together, but Fidelity doesn't access that information. "If they can see how the accounts interact together, we get the same benefit as if we had done it," Williams says. "But they have driven it, not us."

Yet Fidelity isn't entirely passive about its sales strategy, because it does track customers' investing behavior to help it make marketing decisions. For example, Fidelity's retail stock-trading and mutual-funds business gathers information about whether someone is a buy-and-hold investor or an active trader, then tailors its communications accordingly. A long-term mutual-fund investor may get messages about retirement strategies, while an active trader may get messages about changes in trading-fee schedules. "The balance between the protection of data and the use of the data isn't a win-lose proposition," Williams says. "There's a way to give people what they need in terms of privacy and also what they need in terms of personalized service."

Now is a good time for businesses to figure out whether they've found the proper privacy balance. State and federal governments are getting serious about privacy violations--federal laws already have tightened standards on the financial and health-care industries, and some states have cracked down on database-marketing companies. There are rising doubts that companies can keep consumers' faith. "There's going to be a backlash," says Avivah Litan, a Gartner analyst who tracks privacy issues. Privacy violations "are going to lead to people turning off their computers."

KB Toys Inc. was determined to avoid that kind of backlash when it bought the assets of bankrupt eToys.com in May. The toy retailer didn't want a repeat of the privacy crisis created last year when online retailer Toysmart.com went bankrupt and faced the threat of a Federal Trade Commission injunction blocking the auction of its customer data. Toysmart had promised never to sell the information, which included shopping preferences and family profiles that listed children's names and birth dates. Toysmart's majority owner, Walt Disney Co., decided in January to buy the data for $50,000 and destroy it to duck the potential bad publicity.

KB Toys coveted eToys' loyal customers--paying $3.4 million for its assets--but knew that marketing too aggressively would attract regulators and scare off customers. So KB Toys is handling the transition gingerly.

While KB Toys bought the right to send E-mail to former eToys shoppers, it never actually sees the customer list. That's mostly to avoid consumer and regulator concern, but also to stay in line with its own philosophy. "Our privacy policies say we'll only contact our own customers. If we went out and contacted theirs, we'd be contradicting ourselves," says Scott Wilder, VP of product development and marketing of KB Toys' online division, KBkids.com, in Denver. Because KBkids has no access to the eToys customer list, a third party sends out E-mail ads on behalf of eToys, pitching sales on the KBkids site. Recipients have a choice: They can opt out of the mailings, keep receiving eToys E-mail, or move information such as wish lists and birthday reminders to the KBkids site. In an unusual move designed to allay regulators' concerns, the text of the messages sent to customers was given to all 50 state attorneys general for approval. "We wanted to make sure if they had any concerns, that we found out beforehand," Wilder says.

On its own site, KBkids uses cookies--HTML text placed on a user's computer to help the site recognize that person with each visit--to gather aggregate information about site navigation and what percentage of customers buys certain toys, but it doesn't track an individual's activity. Customer accounts include detailed information such as address and shopping preferences, but a shopper can create an account without any stored credit-card information if he or she is worried about security. The company also promises not to sell or share names. Not gathering more data may cost KB knowledge about its customers, but Wilder says that privacy carries its own attraction with consumers. "It's a little bit of an overkill, but if you walk that fine line of respecting privacy, you can create loyalty," he says.

Just how strong a bond that kind of respect earns hasn't really been tested in the short life of online relationships. Many companies still look at privacy issues as purely a liability--a mistake can get you in trouble, but people aren't going to buy from you because they respect your privacy policy. It's like the environment: People say they're concerned, but, in the end, they buy the gas guzzler and the disposable razor. "Privacy is probably seen more in the negative," says Jules Polonetsky, chief privacy officer of DoubleClick Inc. "People are more concerned with not interacting with the ones on the Internet they don't trust, rather than seeking out the ones they do."

Polonetsky knows what he's talking about. The former New York City consumer affairs commissioner was brought aboard after DoubleClick became the symbol for Internet privacy intrusion, thanks to the New York technology and ad placement company's plan to link customer data collected offline to people's Web-browsing habits. Polonetsky has carefully spelled out and expanded DoubleClick's privacy policy to include the more than 15,000 businesses that use DoubleClick's Internet browsing data. Polonetsky's group has scuttled contracts with companies that have substandard privacy practices and won't connect new clients until they have an approved privacy policy. That includes, for example, letting customers opt out of DoubleClick cookies, which collect individual Web-usage statistics. Polonetsky says DoubleClick has to worry not just about how it collects data, but how that data is used once the company sells it to clients.

However, businesses trying to set themselves apart in terms of privacy may have a tough time because the average user isn't sophisticated enough or doesn't take the time to understand the technology and policy behind privacy. Polonetsky says the problem isn't helped by privacy policies that cloud their meaning in long-winded clauses about sharing and not sharing information. So DoubleClick started clarifying and expanding its policy in ways it hopes reaches both technical and nontechnical consumers. It includes a page each to explain Web and E-mail marketing concepts such as cookies, pixel tags, opt-out campaigns, and marketing scores. Each page includes links that help concerned customers opt out of those devices.

Such detailed explanations are becoming more common, says Polonetsky, who has reviewed thousands of privacy policy statements while at DoubleClick. They help users avoid intrusive marketing techniques, but more commonly, he says, they simply help customers to be aware of what's out there and come to terms with it. "It explains the value exchange that's always existed on the Internet but users didn't understand."

A privacy policy is, at the moment, the greatest tool businesses have to set up privacy guidelines. And it's severely limited. Policies are static documents that consumers have to seek out and then understand. They don't actively aid consumers flirting with companies that may or may not protect privacy. And they may cause unexpected problems for the companies that create them. Thomas Regan, an attorney with Philadelphia law firm Cozen O'Connor, warns that very few privacy policies have faced the scrutiny of a court test. He advises executives who may feel a competitive urge to match their rivals' privacy policy to first make sure they've done the audits and allocated the resources to live up to it. "Their question is 'Why can't I just have the strongest privacy policy possible?'" Regan says. "If you can comply with it, fine."

Technology could provide some of the answers by putting more control in the hands of users. One of the most promising technologies is the Platform for Privacy Preferences (P3P), a World Wide Web Consortium standard (see story, "Trusted Third Parties Address Privacy"). P3P, supported in Microsoft's forthcoming Internet Explorer 6 Web browser, will let customers set data-disclosure preferences in their browsers. Businesses can write their privacy policies in language that the browser can understand, so when a visitor clicks on a site, the browser can tell whether that site conforms to the user's own privacy standards.

Privacy is important, but not at the cost of service, says Seagraves, EarthLink's chief privacy officer. Customers aren't willing to give up convenience to prevent information from being shared.

The concern many managers have is that coming down hard on the side of privacy protection may not be what customers really want. "One of the reasons that businesses haven't been able to make money on privacy is that it isn't really that important to consumers," says Don Peppers, founder of personalized marketing consulting firm Peppers and Rogers Group. There's ample evidence that consumers are frequently willing to exchange personal information if they think they're getting something in return. Even EarthLink Inc., an Atlanta Internet service provider that makes privacy a centerpiece of its marketing (see sidebar story, "EarthLink: An ISP That Customers Can Trust?"), concedes that most customers want to be recognized and served using their own data. "They're more worried about convenience than they are about information getting shared," says Les Seagraves, EarthLink's chief privacy officer.

Harrah's, in Las Vegas, has found millions of people willing to trade personal information for a more-efficient route to that time-honored Vegas tradition--getting comped. Harrah's Total Rewards loyalty program stores customer preferences and activities at its casinos and hotels, then rewards them for money spent. Far from scaring away customers, says John Boushy, Harrah's CIO and senior VP of operations, products, and services, the program has 8 million customers, and two-thirds of Harrah's revenue funnels through it.

The information shared is very sensitive. Gamblers use the card at every slot machine, craps table, or roulette wheel, so it gathers detailed information about how much that individual wins or loses. The company records how often a person stays at a hotel, even the kind of room he or she prefers. But customers share the information because they believe they get something in return: free food, show tickets, even complimentary rooms for the best customers. They "have the trust and confidence that the info will be dealt with in a manner that restores value," Boushy says.

Beyond freebies, the information can mean better service. If a Total Rewards member checks into a Harrah's hotel, the hotel clerk automatically knows that the member wants a king-sized bed and an ocean-view room, and can make sure that a high roller gets what he or she wants. "Because we know what our customers are worth to us, we're then able to market to them in a way that's relevant," Boushy says.

But keeping customer trust while gathering so much personal information requires caution. Harrah's collects only the data that customers have permitted it to gather, and the company doesn't share that data with outside sources. It won't, for example, take a customer's name and overlay demographic data from third-party sources to find out that customer's income. "We don't do it because it leads down a road of more intrusion," Boushy says. Harrah's also doesn't share or sell its customer lists. But it will do cooperative marketing campaigns, such as offering car-rental deals with Hertz Corp. It will work with Hertz to develop the message, but Harrah's handles distribution itself so it controls how customers are treated--and ensures that Hertz doesn't get access to that data.

Businesses, like consumers, expect something in return for sharing data, such as a discount or better service, says IBM chief privacy officer Pearson.

Business-to-business dealings raise a similar set of privacy issues. IBM chief privacy officer Harriet Pearson says businesses expect much the same thing consumers do--protect information about them, unless they get something in return for sharing it. "There should be something of value in return: a discount or expectation of better service," she says. Pearson predicts that open discussion about the value exchange involving data will become more common as companies invest more in database and customer-relationship management technology to make better use of the data they collect. The key factor is making sure each party knows how data is being used. She sums up IBM's privacy philosophy in two words: "No surprises."

American Express believes it knows customers well enough to market to them while keeping their trust. The company aggressively gathers information and uses it for marketing through alliances with third parties. For example, it puts cookies on its Web-site visitors' computers to track what they use on the site--checking balances, banking, and buying travel or merchandise. It may then combine that information with other information it has stored about the customer, as well as from external sources.

American Express says that it doesn't share that information with third parties. But it does send customers sales pitches on its partners' behalf, and it aggressively cross-sells existing new products to customers. A frequent user of an American Express credit card, for example, may get calls about fraud protection and other improved service programs. But American Express says that customers don't seem to mind; although they can opt out of both E-mail and direct campaigns, American Express' opt-out rate is low. Says a spokeswoman, "Most customers realize that we're protecting their information. We're trying to give them offers that we think are of value."

The reality is that there's danger in taking a lax attitude toward privacy--as well as in respecting it at the cost of customer service. If a company abuses customers' trust, it faces potential legal action and a sure loss of loyalty. But if it refuses to use customer information to better sell, market, and serve its customers, then it loses competitive advantage and loyalty from those willing to take the privacy risk. Harrah's Boushy realizes that you can't always avoid offending someone. "Any time you take a position at any end point of the continuum, it's extreme," he says. "That's black and white. What we're really dealing with is, what's the right shade of gray."

Photo of Williams by Mark Ostow
Photo of Seagraves by Tova R. Baruch
Photo of Pearson by Eric Breitenbach

As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.